dns (and dhcp ..) and loadbalancing

Claus van de Vlierd claus.van.de.vlierd at uni-oldenburg.de
Fri Dec 2 18:10:25 UTC 2005


  Hello ,

  a) we still have a prim. nameserver that works sometimes rather slowly.

   b) to be more precise :

   b1) we have a prim. nameserver "<name of ns1>" with IP "<IP of ns1>"
       that is at the same time our primary DHCP-Server.

   b2) we have a sec. nameserver "<name of ns2>" with IP "<IP of ns2>"
       that is at the same time our sec. ("failover") DHCP-Server.

   b3) on our Routers we give both "helper-addresses" for dhcp-requests :
        "<IP of ns1>" and "<IP of ns2>" .

  c) now some guys here propose the following schema in order to make sure that,
   let's say the "sendmail"-requests, are being sent to the SEC.
    nameserver in such a case of slow prim. nameserver :


    c1)  put a loadbalancer at the entrance of our net and give it
      both IP-addresses "<IP of ns1>" and "<IP of ns2>"

    c2) change name and IP of the prim. nameserver (== prim. DHCP-Server)
        to "<new name of ns1>" resp. "<new IP of new name of ns1>"

    c3) change name and IP of the sec. nameserver (== sec. DHCP-Server)
         to "<new name of ns2>" resp. "<new IP of new name of ns2>" .

     c4) change the "Router-dhcp-request-helper-addresses" from
         "<IP of ns1>" and "<IP of ns2>" to
          "<new IP of new name of ns1>" and "<new IP of new name of ns2>"


  d)  then the loadbalancer would receive all the dns- (port 53) and
      DHCP-requests and would distribute them to our prim. and sec. Servers --
      so a slow prim. server would not matter any more : the loadbalancer
      would then prefer to send the requests to the sec. server.


  e) BUT : would such a scenario work ?!??

      e.g. : our DNS-Server would then answer "nslookups" with his
      address "<new IP of new name of ns1>" ---  but of course
      we have world-wide propagated that only
      "<IP of ns1>"
      is  AUTHORITATIVE  for giving information about our domain ... !


      I am afraid that the schema from "a)" - "c)" would cause us many
       problems -- or ?!

       SO :

   f) is there any possibility to put a loadbalancer at the entrance of
      our net IN A WAY THAT WE DO NOT HAVE TO CHANGE the IP-addresses
      of these nameservers (which are "worldwide known" ..) and in a way
      that the loadbalancer first receives the dns- and dhcp-requests
      (that means : listens to the nameservers' addresses ..)
       and then distributes them to these nameservers ?!

      or perhaps it is a better idea, instead of using a loadbalancer,
      to work with the "routing-statements" on our routers
      and tell the router that it should use for, e.g., "port 53 - dns-requests",
       the route to "<IP of ns2>" instead of "<IP of ns1>" in case the
        latter does not work properly ?!?


  g) any proposal would be appreciated for our above problem :

     HOW can we ensure that e.g. our "sendmail"-system uses the SECONDARY
     nameserver in case the primary nameserver works very slowly (if at all ..) ?!?!


  h) thanks for any help :

    Claus van de Vlierd





